OnePlus 'accidentally' exposes hundreds of customer emails

Nithin Chowdary

July 26, 2020

Android Police reported that OnePlus had exposed hundreds of email addresses of customers, and One Plus was yet to comment on the development. This happened when the company ended up copy-pasting email addresses in the "To" field, instead of putting email IDs in the "BCC" field while sending out a mass mailer for a research study to a select number of users. Moreover, that resulted in all research email recipients receiving hundreds of customer email addresses. The exact number of affected users is currently unknown, but Android Police has been told that the number is in "hundreds." Even in November'19, the company revealed a significant data breach. OnePlus said hackers gained access to past customer orders that exposed information like customer names, contact numbers, emails, and shipping addresses. In November last year, the company revealed a significant data breach in which customer's information such as name, contact number, email, and shipping address was exposed. Before that, a breach through their official website exposed credit card information of nearly 40,000 customers, which is their first security breach.

Abridged fromET CISO